Schools Will Continue ‘Flubbing’ Cybersecurity

“Schools have lots of things connected, but they don’t have a lot of IT support. They’re not always running the latest and greatest equipment. And so that makes them a target of opportunity,” Levin explained. At the beginning of 2016, Levin began tracking cybersecurity-related incidents reported about U.S. K-12 public schools and districts. As of the end of November 2017, he has added 234 security-related events to his “cyber incident map.”**

…

The fact that nobody else was doing this security tracking in such a focused and methodical way before Levin took on the challenge indicates just how immature the education field is when it comes to cybersecurity. “We know so little about the nature of threats that it’s still in a place where we believe the world is flat,” he mused. “We don’t really understand the nature of threats — how they change over time, what steps districts can take to protect themselves. If you don’t understand the nature of a threat, you can put in place all sorts of policies or buy all sorts of technology, and it turns out you’re buying the wrong stuff.”

** NOTE: In the five months since I was interviewed for this piece, the K-12 Cyber Incident Map has identified over 100 new incidents (329 as of right now).